[
    {
        "type": "enhancement",
        "category": "Signature",
        "description": "The visibility of the SignatureV4::getHeaderBlacklist() method has been changed from private to protected to allow overriding the method in extending classes. By default this method prevents headers from being signed to avoid issues with signature mismatches when sending requests through proxies; however you may want to be able to force some headers to be signed for request integrity reasons."
    },
    {
        "type": "api-change",
        "category": "CognitoIdentityProvider",
        "description": "This release adds a new \"AuthSessionValidity\" field to the UserPoolClient in Cognito. Application admins can configure this value for their users' authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this field will also apply to the SMS MFA authentication flow."
    },
    {
        "type": "api-change",
        "category": "Connect",
        "description": "This release adds search APIs for Routing Profiles and Queues, which can be used to search for those resources within a Connect Instance."
    },
    {
        "type": "api-change",
        "category": "MediaPackage",
        "description": "Added support for AES_CTR encryption to CMAF origin endpoints"
    },
    {
        "type": "api-change",
        "category": "SageMaker",
        "description": "This release enables administrators to attribute user activity and API calls from Studio notebooks, Data Wrangler and Canvas to specific users even when users share the same execution IAM role. ExecutionRoleIdentityConfig at Sagemaker domain level enables this feature."
    }
]
